Hacking: Breaking through the Unbreakable

What is Hacking?

 

Hacking is the work of someone who is very knowledgeable and skilled when referring to computer programming. In fact, they are often so skilled that you do not want to find yourself in their scope of potential targets. The saying, where there’s a will, there’s a way, is ever so relevant to the hacker community. By this I mean that if a hacker wants to get into your computer, they will surely find a way to make it happen. So what exactly is hacking? At its most basic concept, hacking is the unauthorised access of information using a computer to execute the attack. In some cases, the hack can be very apparent, while in others it may go unnoticed.

 

Understanding that it’s an intrusion of your computer, what can someone do with hacking once they’re inside? Essentially hackers can do whatever they please, but often do something like:

 

• Modify certain features or properties of a system, usually for the worse
• Monitor any activity on the system, like the behaviour of a user
• Temporarily or permanently disrupt a system

 

There are actually three types of hackers that are defined by a specific hat colour for each group. The reason for the different hat colours is to signify the group’s cause and reason for hacking in the first place. Here are the three different hat colours to identify the type of hacker:

 

White Hats: These hackers are known to be ethical and not use their skills for immoral or illegal purposes. Specifically, they are hired by companies to test security systems and provide consultation regarding improvement to these infrastructures.

 

Grey Hats: These hackers walk a fine line between white and black hats, but do not share the same malicious intent as black hats. However, these hackers are willing to cross ethical boundaries, but will not exploit vulnerabilities in a malicious way. An example would be a hacker that discovers a vulnerability in a company’s website and then approaches the company asking for a fee to fix it. These are people who hack first and approach the company after. Whereas white hats are asked first and hack upon permission being granted.

 

Black Hats: These individuals are the types of hackers you see in movies. They’re the ones out with something to gain for themselves. This could be financially related or for pure satisfaction. Crimes like the recently uncovered breach of Yahoo is an example of black hat hackers at work looking for confidential information to be used for their own benefit.

 

A popular online hacker group today goes by the name Anonymous. Some of their more recent exploits include hacking the Sony PlayStation Network and the leaking of information exposing many KKK members in a U.S. state. The data leak revealed the involvement of everyone from police officers to school teachers and other unsuspecting individuals. This hacktivist group even went on to take down some ISIS websites earlier this year. Hacktivists are those who use hacking for the purposes of increasing social awareness around the individual’s or group’s cause. However it is still illegal which can be seen through the arrests of individuals who are believed to be part of this group Anonymous. Hopefully this helps to show some of the many cases where hacking is used as a means of achieving something.

Is Hacking Illegal?

 The definition of hacking itself defines it as a form of unauthorised access, which by definition makes it illegal. At the very least, you are breaching someone’s right to privacy – this holds true for grey and black hat hackers. However, the case of white hat hackers is a little different. In fact, it isn’t illegal in this case since these hackers are hired by big companies as a method for improving their security systems and recognizing any flaws in its design.

 

How Hacking Works

 There are many different types of hacks and specific methods for executing each one. Every kind of hack works in its own way, but hacking in general shares common goals. More often than not, these hacks are meant to gain unauthorised access to a website to do as you wish or to extract sensitive information from a certain source, whether that be a user or the company. Here are some of the most common types of hacks:

 

1. DDOS Attack: DDOS means distributed denial of service and occurs when a system is offline and unavailable to users. The whole point of these hacks are to prevent access to a certain website. Often it is with the intention of temporarily interrupting or taking down websites down for good. These are executed by sending an absurd amount of URL requests that the website ultimately cannot process. It’s as if lots of computers are trying to access the website all at once, but it just cannot keep up. This causes the website to crash and become temporarily unavailable to users until the queue is cleared. Who knows, Anonymous could have used this method in bringing down many ISIS websites.
2. Cross Site Request Forgery Attack: This happens when you’ve already logged into a website and a request to collect your cookies pops up. This request isn’t legitimate meaning the hacker has access to your cookies if you allow it. With this access, the hacker is able to execute actions in the application without being detected since the server cannot differentiate between the hacker and the actual user. This is typically why websites ask you to logout after you’re done with your session as it terminates the cookies session immediately. For example, if someone did this while you were on PayPal, they could make a request to transfer funds to a bank which would seem normal from a technical perspective, but in reality it’s a hack.
3. Remote Code Execution Attack: Basically this allows the hacker from anywhere in the world to access your computer and make changes as they like. This is what you see in big cybercrime movies where someone hacks into another person’s computer and starts making changes. Of course, this is all done from a remote computer itself so the hacker doesn’t even need to touch the actual computer to get inside.
4. Social Engineering Attacks: This type of hack may or may not be executed via computer. It occurs in a situation where someone impersonates a company representative in an attempt to draw out sensitive information. It can also be considered a phishing scam, especially when it comes in the form of a fake email. A common example is the email we’ve probably all received saying a lawyer (typically from Africa) has been tasked with transferring a massive inheritance to us by a long lost relative. Of course, this is too good to be true and if you succumb to their tricks you will have become a victim of a social engineering attack. The sensitive information is typically given by you willingly because of a false impression – don’t be fooled!
5. Symlinking: These are files created that act as a redirect to another file. This could be used by hackers if they create a symlink with a particular name. If someone creates another file with this same name, then it creates a link. This link grants the hacker unauthorised access to the new file by running the symlink. Typically this is used to modify, leak or destroy certain files. Hackers are able to do all of these with a successfully placed symlink.
6. SQL Injection: An example of an SQL injection attack occurred leaving the recently hacked Yahoo vulnerable. This was an earlier breach back in 2012. Basically, the hacker alters the code in your website or software so that all of the data that gets collected is sent elsewhere. Specifically, it is sent to the hacker instead of or in addition to you. In the case that it is redirected to the hacker, you may be able to detect this if all of a sudden certain data isn’t being collected – or at least seems like it isn’t being collected.
7. XXS Attack: Also known as cross site scripting, this is typically found in web applications. Basically, the user is led to what they think is an official website, but is actually an imitation made by hackers. It is used to withdraw sensitive information and user credentials.
8. Broken Authentication and Session Management Attack: Essentially, this is where a hacker exploits your user authentication process. Thus, if they are weak then you may be susceptible to hacker attacks. Specifically if passwords are not securely stored or other technicalities, a hacker can easily take advantage and gain access to your users’ accounts.
9. Clickjacking: Also known as a UI Redress attack, it is an intricate scheme of tricks. Basically, the hacker manages to create layers in a webpage that are essentially hidden under the page’s appearance. For example, users could be led to believe that they are typing into certain fields, but really there are other fields hiding under the webpage. Everything that is typed and entered into the field is then collected by the hacker.
10. DNS Cache Poisoning: Commonly referred to as DNS Spoofing, this is where hackers basically redirect you to a site of their own instead of the one you’re looking for. Specifically, when you type in a URL like facebook.com, this is translated into a numerical IP address where your computer is redirected to. If a hacker is able to breach a company’s system and change the IP address to something else, you could end up being redirected elsewhere. Often, it leads to a page containing malicious content that hackers use to breach your system. An example of this occurred with the Great Firewall of China – the nation’s method of censoring certain websites. Essentially the Chinese government would intentionally poison their own DNS caches so when Chinese users search a site that was censored, it would lead to a blank page. Somehow, someone else accidentally inputted one of these censored Chinese IP addresses into their system. This meant that when people in this country outside of China searched for the website, they were unable to visit it. It caused much confusion since these people would otherwise be able to access these pages. This unintended censorship even made its way to the USA.

Hopefully by understanding these different types of hacks that could occur, you can take the necessary measures to prevent them before they happen. At the very least, you will recognize a few possibilities as to where they could take place.

What is WiFi Hacking?

WiFi hacking is essentially cracking a secured WiFi password in order to gain unauthorised access to the network. There are different formats that WiFi networks use to secure their networks, but unfortunately they are not fully protected from hackers. There are different applications offered online that can be used for WiFi Hacking.

 

When you first connect to a network – at least for PC users – it asks what your purpose is, whether it’s a private network (i.e. home) or a public network (i.e. coffee shop). A warning message pops up for public networks saying that other users connected to the network may be able to view data that you send over the network. Just by that alone you should be able to see the implications of WiFi hacking. If someone has access to the network and the capabilities to view other people’s activities on the same network, it could become a concern to you. Often your computer will provide a warning that you’re about to send sensitive information over a public network or that your connection is not private.

 

However, at home we typically do not receive these messages since we are on a private network. Thus, you don’t get warning signs about sending sensitive information over the network. Unfortunately, when a hacker gets inside, who knows what they could do. Specifically, if someone is on your WiFi network this means that anything they do is traced back to you since it is your network. I’m sure you can imagine where this could lead to, especially if they engage in criminal activity.